RE: netscreen policy

From: Patrick Lynchehaun (plynch@servecentric.com)
Date: Thu May 05 2005 - 13:23:10 GMT-3

• Next message: gladston@br.ibm.com: "RE: Identify ARP"
• Previous message: john matijevic: "netscreen policy"
• Maybe in reply to: john matijevic: "netscreen policy"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

John
        That error usually corresponds to using address that is from a different zone Trust/Untrust. First bind your addresses to the zones.

Thanks,
        Patrick.

-----Original Message-----
From: john matijevic [mailto:john.matijevic@gmail.com]
Sent: 05 May 2005 17:17
To: ccielab@groupstudy.com
Subject: netscreen policy

Hello Team,
 I am trying to add a policy to a Netscreen Firewall. I get the following
error below:
I was able to add a policy previously to a Netscreen firewall.
 Firewall-> set policy id 25 from "Trust" to "Untrust"
"192.168.1.0<http://192.168.1.0>"
"192.
168.4.0" "ANY" Tunnel vpn "Tunnel for 192.168.4.0 <http://192.168.4.0>" id
25 pair-policy 26
Zone 2->1: Invalid src or dst address id 27882468/-1
set policy id 25 from "Trust" to "Untrust" "192.168.1.0 <http://192.168.1.0>"
"192.168.4.0 <http://192.168.4.0>" "ANY" Tu
nnel vpn "Tunnel for 192.168.4.0 <http://192.168.4.0>" id 25 pair-policy 26
  Thanks again,
 Sincerely,
John

--
John Matijevic, CCIE #13254
U.S. Installation Group
Senior Network Engineer
954-969-7160 ext. 1147 (office)
305-321-6232 (cell)

• Next message: gladston@br.ibm.com: "RE: Identify ARP"
• Previous message: john matijevic: "netscreen policy"
• Maybe in reply to: john matijevic: "netscreen policy"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Jun 03 2005 - 10:11:56 GMT-3